Criminals use romance, patriotism to steal money

WASHINGTON (July 22, 2010) -- Shelly is a smart, successful business owner, but a brief liaison with a man claiming to be a servicemember nearly cost her everything.

Shelly was thrilled to meet a handsome Marine on a dating website she frequented. Although her contact with the military was limited, she was deeply patriotic and had a great admiration for servicemembers.

After just a few days, the man began professing his love for her via e-mail and instant messaging. He said he was deployed to Iraq, and was looking for love after he had lost his wife in a car crash about two years prior. His 5-year-old boy was staying with his sister while he was deployed, he told her.

Shelly was enthralled but, as a single mom, remained cautious. She began to notice some idiosyncrasies: his birth date on one website didn't match another and the picture with dark hair and eyes she originally saw didn't match the blond-haired, blue-eyed man on a different profile.

About three days into their relationship, the man told her his bank account had been hacked into and $37,000 had been taken. He couldn't check his bank account from Iraq, he claimed, asking her for some money to get by. Suspicious, Shelly asked him for his military address and phone number.

"I'm so disappointed you don't believe me," he said, and gave her a number that connected her to a fax machine. Fed up, Shelly called him out. Angry and defensive, he blew up at her and threatened to "get her" and "go public with who you are."

"What bothers me is he has my information," said Shelly, a successful media professional from the West Coast whose name has been changed to protect her privacy. "He knows I have a son, knows the name of my company and my address."

The man never admitted it was a scam, but unable to verify he was who he said, Shelly walked away. She'd like to report him but is scared of what he'll do. And the worst part, she said, is his profile is still on that site.

"It's so awful that he impersonates a military man," she said. "I have deep respect for the military, and he's using these guys to scam people."

Shelly is not alone in her Internet-based scare. Many people, from various backgrounds and in locations around the world, are falling victim to a wave of military-related Internet romance scams.

Special agents from the U.S. Army Criminal Investigation Command recently warned the American public of this scam. "We are seeing a number of scams being perpetrated on the Internet, especially on social, dating-type websites where females are the main target," Chris Grey, Army CID's spokesman, said in an Army News article.

These cyber criminals, posing as military members, prey on patriotic women seeking love online, as well as others with a soft spot for military members. In many cases, they say they're deployed, whether to Iraq or Afghanistan, and claim to need money for everything from leave papers to a flight back home.

They may pose as an Air Force lieutenant or an Army general, and even a fake profile of retired Gen. Richard A. Cody, former vice chief of staff of the Army, has popped up on several dating sites.

Gen. Raymond T. Odierno, commander of U.S. Forces Iraq, recently discovered that cyber criminals have been using his picture to ask people to send money. Odierno fought back using his Facebook page, on which he has nearly 10,000 fans.

"I have never solicited [personal] information from anyone, here or elsewhere, nor will I ever," he wrote July 17. "Thank you for your concern about those posing as me; our investigators are looking into all allegations."

The Internet Crime Complaint Center received nearly 340,000 complaint submissions in 2009, according to the center's 2009 Internet Crime Report. The vast majority of cases referred to local, state and federal law enforcement agencies contained elements of fraud and involved a financial loss by the complainant. The total dollar loss from all cases of fraud in 2009 that were referred to law enforcement by the center was $559.7 million, the report said.

Some women, like Shelly, realized early that they were being scammed, but others are left with empty bank accounts and broken hearts.

"It's not a bad thing to be patriotic, but people are trying to distort that for personal gain," Paul Sternal, the acting cyber crimes program director for the Defense Criminal Investigative Service, said during an interview with American Forces Press Service.

Sternal likened this wave of romance scams to a scam commonly seen within the Defense Department: the Nigerian scam. In this scam, a person sends an e-mail claiming to be overseas and in financial trouble. The person tries to entice someone to send money by promising a huge reward in return; in some cases money, or in Shelly's case, love and eventually marriage.

There's a lesson to be learned from Shelly's Internet-based troubles, Sternal said. People, particularly within the Defense Department, need to be on alert for online threats.

Each day, criminals ranging from individuals seeking personal gain to foreign governments looking to compromise national security, are mining the military for information, Sternal said. The networks, he said, are scanned millions of times per day and probed thousands of times per day, with increasing frequency and sophistication.

"The Defense Department, by the very nature of what it does, makes it an obvious target for people who want to exploit it for information about operations, technology, and what we do to defend the nation," Sternal said.

These threats can be presented in a variety of ways, from scams similar to the one Shelly faced to widespread and sophisticated phishing scams. Phishing scams are when people attempt to gain sensitive information, such as passwords and user names, by posing as a trustworthy source in an e-mail. These scammers may pose as a bank or credit card company and ask for information that the company normally wouldn't ask for, Sternal said.

In a recent phishing scam, numerous fraudulent e-mails were sent to financial customers of USAA and Navy Federal Credit Union. The e-mails, which appear to originate from USAA and the credit union, ask the recipient to provide or verify personal information such as name and rank, account numbers, date of birth and mother's maiden name.

"While these e-mails may appear to be legitimate, it's important to remember USAA and Navy Federal Credit Union will never ask for [personal identification] or to verify financial institution data via e-mail," a U.S. Strategic Command news release issued in response to this scam said.

In some cases, the e-mail may include a link that, when clicked on, installs a malicious code.

"The end game, in those instances, is not to compromise identity, but [not] to compromise information you have available to you as a Defense Department military member, civilian or contractor," Sternal said. He advised people to keep an eye out for e-mails that arrive "out of the blue."

"Know what your established relationships are," he said.

People need to use the same wisdom online that they use at home, Sternal said. People normally toss out junk mail, particularly when it's not personally addressed or from a trusted source. This same scrutiny needs to be applied to e-mails that arrive over the Internet, he said.

Additionally, people should keep an eye out for suspicious computer activity that can signify a virus, including a suddenly slow-running system or programs that suddenly start popping up without being opened, Sternal said.

Increasingly sophisticated adversaries are using the Internet to their full advantage, he said. They've gone from trying to physically smuggle a part or computer chip out of the country to trying to smuggle the design schematics online, which can have a major impact on national security.

"The Internet is a great resource, and look how the Defense Department uses it to communicate the good we do, to recruit, to get information out to help people," Sternal said. "There are tremendous benefits, but we need to be smart about how we do this."

To ensure the best protection of the military's information and networks, the Defense Department established the U.S. Cyber Command in May. But while the Defense Department has sophisticated protections in place, each employee has a personal responsibility to protect information as well.

Sternal passed on some tips for all computer users:

-- Use caution: Whether it's surfing the Internet, reading e-mail or downloading files, a savvy user exercise caution in where he goes, who he communicates with and what he accepts from other users.

-- Stay smart: It's important to pay attention to security bulletins and alerts, press reports on new cyber attacks, and even the department's INFOCON levels.

-- Expect it: All Defense Department employees are targets by affiliation. When deciding what to put out on the Internet - whether it's an e-mail or social networking site - consider the impact if that information ends up on the public domain or in the hands of a criminal. And if information is compromised, have a plan to respond and recover.

-- Take responsibility: The Defense Department offers employees free antivirus software for home use, and people should take full advantage of firewalls, strong passwords and encryption.

"If you have a home network, secure it," Sternal said.

These days, he said, users have grown clever and many now hit delete rather than open suspicious e-mails. However, as computer users become wiser, so do the adversaries, Sternal said. They're using increasingly sophisticated programs that will move them beyond the delete button, he said, making it even more important for people to stay alert.

As in Shelly's case, "I think people let their guard down on the Internet," Sternal said. "The thing to remember is that if it looks too good to be true, it probably is."

To report a cyber crime, visit the Internet Crime Complaint Center at http://www.ic3.gov/default.aspx, the Federal Trade Commission at http://www.ftc.gov/bcp/edu/microsites/idtheft or On Guard Online at http://www.onguardonline.gov.